Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 13 March 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-24 is/are pending in the application.

4a) Of the above claim(s) 2, 10 and 18 is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-24 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

Response to Amendment

1. This action is responsive to the amendment filed on March 13th, 2005. Claims 1-24
represent a "Method and Apparatus to Facilitate Individual and Global Lockouts to
Network Applications." Claims 1, 3, 4, 9, 11, 12, 17, 19 and 20 are amended. Claims 2,
10 and 18 are canceled. Claims 1-24 are pending.

Response to Arguments 

2. In response to the denial of priority benefit request articulated in the last office 
action, applicant made reference to application serial number 60/316,808 pages 5-6 
section titled "IP AND GLOBAL LOCKOUT TO PREVENT BRUTE FORCE 
(REPEATED) ATTACK ON PASSWORD BASED AUTHENTICATION". Upon review of 
said application it was found that application serial number 60/316,808 is a document of 
44 pages titled "Security Mechanisms in a Network Environment" made up of the
following sections: Overview (p.1), Global Timeout in Web Based Environments (p.2 
and p.4) background, details, advantages, Architectural Document for Extensible (p. 7) 
Login server (p.8) preface, abstract, overview, introduction, design approach, writing 
modules for integration, interfaces, case studies in integration, integration w/Netegrity 
Site Minder (1, 1.1, 2, 2.1, 2.2, 3, 3.1, 4, 4.1 - sections numbering respectively), 
whereas on January 10, 2002 Applicant filed the specification entitled: "Method and
Apparatus to Facilitate Individual and Global Lockouts to Network Applications"
containing 10 pages. The later-filed application must be an application for a patent for 
an invention which is also disclosed in the prior application (the parent or original 
nonprovisional application or provisional application); the disclosure of the invention in 
the parent application and in the later-filed application must be sufficient to comply with 
the requirements of the first paragraph of 35 U.S.C. 112. See Transco Products, Inc. v.
Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). 

Consequently, priority is denied. Applicant is invited to ascertain the equivalency
of these two documents both in form and substance. 

3. Applicant's articulation of the virtues of the amended claims has been
considered. However, these arguments are moot in view of the new ground(s) of 
rejection. Applicant is advised that only the amendments are addressed. 

The dependent claims stand rejected as articulated in the First Office Action and 
all objections not addressed in Applicant's response are herein reiterated. 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 
of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1, 9, and 17 are rejected under 35 U.S.C. §103(a) as being unpatentable 
over Rowland (US 6,405,318) in view of Ruvolo (US 5,928,363) and in further view of 
Durinovic-Johri et al. (US 5,699,514).

Rowland teaches the invention substantially as claimed including a computer 
implemented intrusion detection system and method that monitors a computer system in 
real-time for activity indicative of attempted or actual access by unauthorized persons or 
computers. (See abstract). 

Claims 1, 9, 17:

As for above claims Rowland teaches a method, a computer-readable storage 
medium and apparatus to facilitate locking an adversary out of a network application, 
comprising: (See Fig. 3)

receiving at a server a request, including an authentication credential, to
access the network application, wherein the authentication credential includes a
user identifier associated with a user and a network address of a user device;

examining an audit log to determine if the user identifier has been locked
out from the network address; and (See col. 4, lines 15-25.)

if the user identifier has been locked out from the network address,

denying access to the network application; (See col. 7, lines 32-37.)
otherwise, checking the authentication credential for validity, and

if the authentication credential is valid, (See col. 8, lines 52-60.)

allowing access to the network application,
otherwise,

logging a failed attempt in the audit log, wherein the
user identifier is locked out from the network address after
a threshold number of failed attempts, and (See col. 7, lines 37-40.)
imposing a global lockout for the user identifier after a threshold number of
network addresses are locked out of the user identifier; and

denying access to the network application; (See col. 8, line 1.)
whereby the adversary is prevented from accomplishing an attack by 
masquerading as the user. 

Rowland does not specifically address receiving at a server a request, including
an authentication credential, to access the network application. However, Ruvolo 
discloses a client establishing a first session with an application executing on a server. 
(See col. 4, lines 31-34, 57-60.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with receiving at a server a request as taught by Ruvolo preventing an unauthorized 
user from gaining access by locking said user from the system. 

Neither Rowland nor Ruvolo refer to a lockout. However, Durinovic-Johri 
specifically discloses a first threshold, a second threshold and lockout. (See abstract - 
see also col. 2, lines 60-64 and col. 5, lines 52-57.) 

Rowland, Ruvolo and Durinovic-Johri are analogous art because they all deal 
with access control to resources. Hence, it would have been obvious at the time of the 
invention for an artisan of ordinary skill in the art to combine the intrusion detection 
system taught by Rowland and receiving at a server a request as taught by Ruvolo with 
the access control system with lockout disclosed by Durinovic-Johri by improving 
security in an access control system of the type that provides for lockout after a 
predetermined number of failed access attempts, while retaining a high degree of user 
friendliness. 

Claims 3, 11, 19

As for above claims Rowland teaches the method of claim 2, the computer- 
readable storage medium of claim 10, the apparatus of claim 18 further comprising: 
removing a lockout after a predetermined period of time. 

Rowland does not specifically address removing a lockout after a predetermined
period of time. However, Ruvolo discloses reauthentication process at the "End of 
Authenticated Session" which implies that the lockout is constructively removed after a 
predetermined period of time. (See col. 8, lines 5-28.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the reauthentication process as taught by Ruvolo trapping an unauthorized user by
lulling the persistent user into an extended session. 

Claims 4, 12, 20

As for above claims Rowland teaches the method of claim 2, the computer- 
readable storage medium of claim 10, the apparatus of claim 18 further comprising: 
manually removing a lockout by an administrator of the server. 

Rowland teaches that the system administrator may also select the actions to be 
taken by the control function. (See col. 8, lines 32-33.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to manually remove the lockout as taught by Rowland. 
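
The lockout flow recited for claims 1, 9 and 17 above, together with the timed removal of claims 3, 11, 19 and the administrator removal of claims 4, 12, 20, written out in Python as an added illustration. It is not code from the application or from the cited references; the thresholds, the 900-second lifetime, the `verify` callback, the reset of the failure count on success, and all names are assumptions.

```python
from collections import defaultdict

ADDR_FAILS = 3        # assumed: failures before a (user, address) pair is locked out
GLOBAL_ADDRS = 2      # assumed: locked-out addresses before the user is locked globally
LOCK_SECONDS = 900    # assumed: lockout lifetime (claims 3, 11, 19)


class LockoutGate:
    def __init__(self, verify):
        self.verify = verify                  # callable(user, password) -> bool
        self.failures = defaultdict(int)      # audit log: (user, addr) -> failed attempts
        self.addr_locks = defaultdict(dict)   # user -> {addr: expiry time}
        self.global_locks = {}                # user -> expiry time

    def _expire(self, user, now):
        # Remove lockouts whose predetermined period has elapsed.
        if self.global_locks.get(user, now + 1) <= now:
            self.unlock(user)
        for addr, expiry in list(self.addr_locks[user].items()):
            if expiry <= now:
                del self.addr_locks[user][addr]
                self.failures.pop((user, addr), None)

    def unlock(self, user):
        # Manual removal by an administrator (claims 4, 12, 20): clear all lock state.
        self.global_locks.pop(user, None)
        for addr in self.addr_locks.pop(user, {}):
            self.failures.pop((user, addr), None)

    def request(self, user, addr, password, now):
        self._expire(user, now)
        if user in self.global_locks:
            return "denied: global lockout"
        if addr in self.addr_locks[user]:
            return "denied: address lockout"
        if self.verify(user, password):
            self.failures.pop((user, addr), None)   # assumption: success resets the count
            return "allowed"
        self.failures[(user, addr)] += 1
        if self.failures[(user, addr)] >= ADDR_FAILS:
            self.addr_locks[user][addr] = now + LOCK_SECONDS
            if len(self.addr_locks[user]) >= GLOBAL_ADDRS:
                self.global_locks[user] = now + LOCK_SECONDS
        return "denied: bad credential"
```

While the global lockout is in force the legitimate user is denied as well, even with a valid credential, so the two thresholds and the lifetime are the values to tune.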

Claims 5, 13, 21

As for above claims Rowland teaches the method of claim 1, the computer- 
readable storage medium of claim 9, the apparatus of claim 17 wherein the 
authentication credential includes a user name and a password. 

Rowland does not specifically address the authentication credential to 
include a user name and a password. However, Ruvolo expressly discloses
authentication credential to include a user name and a password. (See col. 7, lines 32- 
36.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication credential as taught by Ruvolo providing security to the system 
by allowing access only to authenticated users. 

5. Claims 6, 14, 22 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Rowland as applied to claims 5, 13 and 21 above, in view of Limisco (U.S.
6,662,228).

As for above claims Rowland teaches the method of claim 5, the computer- 
readable storage medium of claim 13, the apparatus of claim 21 wherein checking the 
authentication credential for validity involves: 

verifying that an administrator has authorized access to the network application 
for a combination of the user name and the password; and 

determining if the request violates an access rule in a rule table. 

Rowland does not specifically address verifying whether an administrator has 
authorized access. However, Limisco expressly discloses verification of authorized 
access for an administrator. (See col. 6, lines 28-37 and col. 3, lines 23-32.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the administrator's verification system as taught by Limisco allowing the system to 
be administered since user accounts must be created and manipulated. 

6. Claims 7-8, 15-16, and 23-24 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Rowland as applied to claims 6, 14 and 22 above, in view of See et
al. (U.S. 6,339,830).

Claims 7, 15, 23

As for above claims Rowland teaches the method of claim 6, the computer- 
readable storage medium of claim 14, the apparatus of claim 22 wherein the
access rule can specify: 

an allowed time-of-day; 

an allowed number of access attempts; 

an allowed network address; and 

an allowed network domain. (See col. 6, line 35.) 

Rowland implicitly encompasses network domain. (See col. 6, line 35.) Rowland 
does not explicitly disclose allowed number of access attempts nor does it expressly 
teach allowed network address. However, See pointedly teaches these limitations at 
col. 6, lines 44-56. 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication service taught by See allowing the system to be thorough by 
providing different parameters to check the authentication credential for validity. 

Claims 8, 16, 24

As for above claims Rowland teaches the method of claim 1, the computer-
readable storage medium of claim 9, the apparatus of claim 17 wherein the network 
address includes Internet Protocol address. 

Rowland does not explicitly disclose Internet Protocol address. However, See
pointedly teaches Internet Protocol address at col. 8, lines 1-2. 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication service taught by See allowing the system to be encompassing 
by reaching through the Internet. 

7. THIS ACTION IS MADE FINAL. 

Applicant's amendments necessitated the new ground(s) of rejection presented 
in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

8. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Emmanuel Coffy whose telephone number is (571) 272-
3997. The examiner can normally be reached on 8:30 - 5:00 P.M.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for
the organization where this application or proceeding is assigned is 703-872-9306.
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free).



Emmanuel Coffy 
Patent Examiner 
Art Unit 2157 